vSphere 6.0 Autodeploy discovery in regards to tftp


whitey

I don't know if anyone here leverages vSphere Autodeploy but it is an immensely powerful tool for mass VI deployment. Yesterday when evaluating the new code base and deciding to test the new Autodeploy guts I quickly ran into a 'smash head into the wall' moment for a good hour or two with my PXE boots of the ESXi hypervisor hanging at a failed TFTP boot message. I wrote a post about it on my blog but am unsure of the cross-post rules here (will read in morning).

Anyways if anyone on here is using the vCenter Server Appliance (VCSA or VCVA to some) as an all-in-one vCenter/Autodeploy server (via dhcpd/atftpd) you will have to add the following iptables firewall rule to get it to stick/survive reboots.

vSphere6_Autodeploy_iptables_tftp_fix.png

Verify iptables is now accepting port 69 UDP connection to the atftpd service/daemon.

vSphere_6_Autodeploy_iptables_tftp_fix2.png

For some reason when you enable the Autodeploy service from the web client it is not triggering/opening up port 69 for tftp. This was not the case with the VCSA 5.5 appliance in the same configuration. Alerted VMware eng already for what it's worth.

Without this fix, Autodeploy PXE boots of stateless ESXi hypervisors will fail.

Hope this helps my fellow forum sth'ers who are deep in the vSphere scene.

Successful PXE/TFTP provisioned vSphere Autodeploy ESXi stateless hypervisor (nested)

vESXi6_Autodeploy_nested.png

Teaser, VCSA DCUI looking console :-D

VCSA-6.0.png
 

Biren78

I don't understand why PXE and TFTP are so hard to get working right.
 

whitey

It's not when you have the Autodeploy infrastructure configured properly and damn slick to see working end to end with Image Builder cmdlets and Host profiles bolted on (takes me 10-15 mins including deployment of VCSA appliance, vSphere PowerCLI install import media/setup rules, config dhcpd/atftpd)...long as a stupid host based firewall (iptables) isn't stepping on your darn toes. With a little bit of *nix/netfilter know-how this was easy enough to work through for me. I understand the PXE/TFTP process from Sun Ray/LTSP/Citrix/Autodeploy/etc. network booting methods over the years. I knew the tftp server was listening through a netstat -an | grep 69 and the nested ESXi host was getting a DHCP address from the VCSA/Autodeploy server but on a default check of iptables -nL | grep 69 I didn't see udp port 69 which was a dead giveaway to me. A few iptables ruleset tests/reboots/cycling of services and I hunted down where to put the script to run last at boot on SLES 11 (it's /etc/rc.d/boot.local on Suse, /etc/rc.local for Red Hat) and off to the races was I. :-D
 
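The iptables check described in the last post, as an added example that is not part of the thread and is not the rule shown in the screenshots: it walks an `iptables -nL INPUT` listing in rule order and reports what happens to a new UDP/69 request, which is stricter than `grep 69`. The function names, the sample listings, the 192.0.2.0/24 subnet and the source-scoped rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Decides what an iptables INPUT chain does
# with a new TFTP request (UDP/69), reading `iptables -nL INPUT` text on stdin.
# Limits: jumps to user-defined chains are not followed, and a udp dpt:69 rule
# counts even when it is restricted to a source subnet.
tftp_verdict() {
    awk '
        /^Chain / {
            in_input = ($2 == "INPUT")
            if (in_input && match($0, /policy [A-Z]+/))
                policy = substr($0, RSTART + 7, RLENGTH - 7)
            next
        }
        !in_input || $1 == "target" || NF < 5 { next }
        # Explicit TFTP rule: protocol udp, destination port exactly 69.
        # (A bare "grep 69" would also hit dpt:6969.)
        $2 == "udp" && /dpt:69([^0-9]|$)/ { print $1; done = 1; exit }
        # A catch-all terminating rule ahead of any TFTP rule decides the packet.
        ($2 == "all" || $2 == "udp") && $4 == "0.0.0.0/0" && $5 == "0.0.0.0/0" &&
            (NF == 5 || $6 == "reject-with") &&
            ($1 == "ACCEPT" || $1 == "DROP" || $1 == "REJECT") { print $1; done = 1; exit }
        END { if (!done) print (policy == "" ? "UNKNOWN" : policy) }
    '
}

# Rule line for the boot script the thread names (/etc/rc.d/boot.local on SLES 11).
# $1 = provisioning subnet; scoping the source is an addition made here, since
# TFTP has no authentication. -I inserts the rule ahead of existing ones.
tftp_rule() {
    printf 'iptables -I INPUT -p udp -s %s --dport 69 -j ACCEPT\n' "$1"
}

# Constructed listings (not captured from a real VCSA).
SAMPLE_BROKEN='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6969
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67'
SAMPLE_FIXED='Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     udp  --  192.0.2.0/24         0.0.0.0/0           udp dpt:69
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:6969
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp dpt:67'

printf 'before fix: %s\n' "$(printf '%s\n' "$SAMPLE_BROKEN" | tftp_verdict)"
printf 'after fix:  %s\n' "$(printf '%s\n' "$SAMPLE_FIXED" | tftp_verdict)"
tftp_rule 192.0.2.0/24
```

On a live appliance the input would be `iptables -nL INPUT | tftp_verdict`; a result other than ACCEPT while atftpd is listening points at the host firewall rather than at DHCP or the TFTP daemon.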